49 matches found
CVE-2019-16920
Unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565. The issue occurs when the attacker sends an arbitrary input to a "PingTest" device common gateway interface that could lead to command injection. An attacker who successfully triggers...
Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
...
EUVD-2021-19682
Malware in sbrugna...
EUVD-2021-13494
Malware in sbrugna...
EUVD-2005-3934
Malware in sbrugna...
EUVD-2002-1530
Malware in sbrugna...
EUVD-2010-4661
Malware in sbrugna...
EUVD-2014-4911
Malware in sbrugna...
EUVD-2002-1614
Malware in sbrugna...
EUVD-2025-4481
Malicious code in bioql PyPI...
EUVD-2023-44376
Malicious code in bioql PyPI...
EUVD-2022-33579
Malicious code in bioql PyPI...
EUVD-2024-47124
Malicious code in bioql PyPI...
EUVD-2024-35125
Malicious code in bioql PyPI...
EUVD-2022-28108
Malicious code in bioql PyPI...
EUVD-2024-1934
Malicious code in bioql PyPI...
CVE-2025-8654
CVE-2025-8654 affects Kenwood DMX958XR devices. The vulnerability is in ReadMVGImage, where insufficient validation of a user-supplied string is used to execute a system call, allowing remote code execution with root privileges. Exploitation is possible by network-adjacent attackers without authe...
(Pwn2Own) QNAP QHora-322 tar Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of parameters provided to the tar executable. The issue...
CVE-2025-52379
Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below contains an authenticated command injection vulnerability in the firmware update feature. The /web/umfileNameset.cgi and /web/umwebupgrade.cgi endpoints fail to properly sanitize the upgradeFileName parameter, allowing authenticated...
CVE-2025-34073 stamparm/maltrail <=0.54 Remote Command Execution
An unauthenticated command injection vulnerability exists in stamparm/maltrail Maltrail versions <=0.54. A remote attacker can execute arbitrary operating system commands via the username parameter in a POST request to the /login endpoint. This occurs due to unsafe handling of user-supplied input...